8246797: A convenient method to read OPTIONAL element
Reviewed-by: jnimeh, valeriep
parent
6cf5079d8e
commit
fc0f8542c3
6 changed files with 276 additions and 96 deletions
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
|
@ -40,14 +40,15 @@ import javax.crypto.spec.OAEPParameterSpec;
|
|||
/**
|
||||
* This class implements the OAEP parameters used with the RSA
|
||||
* algorithm in OAEP padding. Here is its ASN.1 definition:
|
||||
* <pre>
|
||||
* RSAES-OAEP-params ::= SEQUENCE {
|
||||
* hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
|
||||
* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
|
||||
* pSourceAlgorithm [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* @author Valerie Peng
|
||||
*
|
||||
*/
|
||||
|
||||
public final class OAEPParameters extends AlgorithmParametersSpi {
|
||||
|
@ -91,61 +92,48 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
|
|||
}
|
||||
}
|
||||
|
||||
protected void engineInit(byte[] encoded)
|
||||
throws IOException {
|
||||
DerInputStream der = new DerInputStream(encoded);
|
||||
mdName = "SHA-1";
|
||||
mgfSpec = MGF1ParameterSpec.SHA1;
|
||||
p = new byte[0];
|
||||
DerValue[] datum = der.getSequence(3);
|
||||
for (int i=0; i<datum.length; i++) {
|
||||
DerValue data = datum[i];
|
||||
if (data.isContextSpecific((byte) 0x00)) {
|
||||
// hash algid
|
||||
mdName = AlgorithmId.parse
|
||||
(data.data.getDerValue()).getName();
|
||||
} else if (data.isContextSpecific((byte) 0x01)) {
|
||||
// mgf algid
|
||||
AlgorithmId val = AlgorithmId.parse(data.data.getDerValue());
|
||||
if (!val.getOID().equals(OID_MGF1)) {
|
||||
throw new IOException("Only MGF1 mgf is supported");
|
||||
}
|
||||
AlgorithmId params = AlgorithmId.parse(
|
||||
new DerValue(val.getEncodedParams()));
|
||||
String mgfDigestName = params.getName();
|
||||
if (mgfDigestName.equals("SHA-1")) {
|
||||
mgfSpec = MGF1ParameterSpec.SHA1;
|
||||
} else if (mgfDigestName.equals("SHA-224")) {
|
||||
mgfSpec = MGF1ParameterSpec.SHA224;
|
||||
} else if (mgfDigestName.equals("SHA-256")) {
|
||||
mgfSpec = MGF1ParameterSpec.SHA256;
|
||||
} else if (mgfDigestName.equals("SHA-384")) {
|
||||
mgfSpec = MGF1ParameterSpec.SHA384;
|
||||
} else if (mgfDigestName.equals("SHA-512")) {
|
||||
mgfSpec = MGF1ParameterSpec.SHA512;
|
||||
} else if (mgfDigestName.equals("SHA-512/224")) {
|
||||
mgfSpec = MGF1ParameterSpec.SHA512_224;
|
||||
} else if (mgfDigestName.equals("SHA-512/256")) {
|
||||
mgfSpec = MGF1ParameterSpec.SHA512_256;
|
||||
} else {
|
||||
throw new IOException(
|
||||
"Unrecognized message digest algorithm");
|
||||
}
|
||||
} else if (data.isContextSpecific((byte) 0x02)) {
|
||||
// pSource algid
|
||||
AlgorithmId val = AlgorithmId.parse(data.data.getDerValue());
|
||||
if (!val.getOID().equals(OID_PSpecified)) {
|
||||
throw new IOException("Wrong OID for pSpecified");
|
||||
}
|
||||
DerInputStream dis = new DerInputStream(val.getEncodedParams());
|
||||
p = dis.getOctetString();
|
||||
if (dis.available() != 0) {
|
||||
throw new IOException("Extra data for pSpecified");
|
||||
}
|
||||
} else {
|
||||
throw new IOException("Invalid encoded OAEPParameters");
|
||||
}
|
||||
protected void engineInit(byte[] encoded) throws IOException {
|
||||
|
||||
DerInputStream der = DerValue.wrap(encoded).data();
|
||||
var sub = der.getOptionalExplicitContextSpecific(0);
|
||||
if (sub.isPresent()) {
|
||||
mdName = AlgorithmId.parse(sub.get()).getName();
|
||||
} else {
|
||||
mdName = "SHA-1";
|
||||
}
|
||||
sub = der.getOptionalExplicitContextSpecific(1);
|
||||
if (sub.isPresent()) {
|
||||
AlgorithmId val = AlgorithmId.parse(sub.get());
|
||||
if (!val.getOID().equals(OID_MGF1)) {
|
||||
throw new IOException("Only MGF1 mgf is supported");
|
||||
}
|
||||
AlgorithmId params = AlgorithmId.parse(
|
||||
new DerValue(val.getEncodedParams()));
|
||||
mgfSpec = switch (params.getName()) {
|
||||
case "SHA-1" -> MGF1ParameterSpec.SHA1;
|
||||
case "SHA-224" -> MGF1ParameterSpec.SHA224;
|
||||
case "SHA-256" -> MGF1ParameterSpec.SHA256;
|
||||
case "SHA-384" -> MGF1ParameterSpec.SHA384;
|
||||
case "SHA-512" -> MGF1ParameterSpec.SHA512;
|
||||
case "SHA-512/224" -> MGF1ParameterSpec.SHA512_224;
|
||||
case "SHA-512/256" -> MGF1ParameterSpec.SHA512_256;
|
||||
default -> throw new IOException(
|
||||
"Unrecognized message digest algorithm");
|
||||
};
|
||||
} else {
|
||||
mgfSpec = MGF1ParameterSpec.SHA1;
|
||||
}
|
||||
sub = der.getOptionalExplicitContextSpecific(2);
|
||||
if (sub.isPresent()) {
|
||||
AlgorithmId val = AlgorithmId.parse(sub.get());
|
||||
if (!val.getOID().equals(OID_PSpecified)) {
|
||||
throw new IOException("Wrong OID for pSpecified");
|
||||
}
|
||||
p = DerValue.wrap(val.getEncodedParams()).getOctetString();
|
||||
} else {
|
||||
p = new byte[0];
|
||||
}
|
||||
der.atEnd();
|
||||
}
|
||||
|
||||
protected void engineInit(byte[] encoded, String decodingMethod)
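Review bot: In the rewritten `engineInit(byte[])`, the MGF and pSource branches pass `val.getEncodedParams()` straight into `new DerValue(...)` and `DerValue.wrap(...)` with no null check. If `getEncodedParams()` can return null for an AlgorithmIdentifier encoded without parameters (its contract is not visible in this hunk), a malformed encoding would surface as a NullPointerException rather than the declared IOException, which callers parsing untrusted parameters are less likely to handle. A guard before each use keeps the failure mode uniform, for example `byte[] enc = val.getEncodedParams(); if (enc == null) throw new IOException("Missing MGF1 parameters");`. The same pattern applies to the pSpecified branch with its own message.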
|
||||
|
|
|
@ -268,48 +268,34 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
|
|||
}
|
||||
iCount = pBKDF2_params.data.getInteger();
|
||||
|
||||
DerValue prf = null;
|
||||
// keyLength INTEGER (1..MAX) OPTIONAL,
|
||||
if (pBKDF2_params.data.available() > 0) {
|
||||
DerValue keyLength = pBKDF2_params.data.getDerValue();
|
||||
if (keyLength.tag == DerValue.tag_Integer) {
|
||||
keysize = keyLength.getInteger() * 8; // keysize (in bits)
|
||||
} else {
|
||||
// Should be the prf
|
||||
prf = keyLength;
|
||||
}
|
||||
var ksDer = pBKDF2_params.data.getOptional(DerValue.tag_Integer);
|
||||
if (ksDer.isPresent()) {
|
||||
keysize = ksDer.get().getInteger() * 8; // keysize (in bits)
|
||||
}
|
||||
|
||||
// prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
|
||||
String kdfAlgo = "HmacSHA1";
|
||||
if (prf == null) {
|
||||
if (pBKDF2_params.data.available() > 0) {
|
||||
prf = pBKDF2_params.data.getDerValue();
|
||||
}
|
||||
}
|
||||
if (prf != null) {
|
||||
String kdfAlgo;
|
||||
var prfDer = pBKDF2_params.data.getOptional(DerValue.tag_Sequence);
|
||||
if (prfDer.isPresent()) {
|
||||
DerValue prf = prfDer.get();
|
||||
kdfAlgo_OID = prf.data.getOID();
|
||||
KnownOIDs o = KnownOIDs.findMatch(kdfAlgo_OID.toString());
|
||||
if (o == null || (!o.stdName().equals("HmacSHA1") &&
|
||||
!o.stdName().equals("HmacSHA224") &&
|
||||
!o.stdName().equals("HmacSHA256") &&
|
||||
!o.stdName().equals("HmacSHA384") &&
|
||||
!o.stdName().equals("HmacSHA512"))) {
|
||||
!o.stdName().equals("HmacSHA224") &&
|
||||
!o.stdName().equals("HmacSHA256") &&
|
||||
!o.stdName().equals("HmacSHA384") &&
|
||||
!o.stdName().equals("HmacSHA512"))) {
|
||||
throw new IOException("PBE parameter parsing error: "
|
||||
+ "expecting the object identifier for a HmacSHA key "
|
||||
+ "derivation function");
|
||||
}
|
||||
kdfAlgo = o.stdName();
|
||||
|
||||
if (prf.data.available() != 0) {
|
||||
// parameter is 'NULL' for all HmacSHA KDFs
|
||||
DerValue parameter = prf.data.getDerValue();
|
||||
if (parameter.tag != DerValue.tag_Null) {
|
||||
throw new IOException("PBE parameter parsing error: "
|
||||
+ "not an ASN.1 NULL tag");
|
||||
}
|
||||
}
|
||||
prf.data.getOptional(DerValue.tag_Null);
|
||||
prf.data.atEnd();
|
||||
} else {
|
||||
kdfAlgo = "HmacSHA1";
|
||||
}
|
||||
|
||||
return kdfAlgo;
|
||||
}
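Review bot: `keysize = ksDer.get().getInteger() * 8` multiplies a length read from the encoded parameters with no range check, so a keyLength above `Integer.MAX_VALUE / 8` wraps silently, and a zero or negative value is accepted unless `getInteger()` already rejects it. The multiplication is carried over unchanged from the old code. Since the comment gives the field as `keyLength INTEGER (1..MAX)`, reject out-of-range values at parse time: `int len = ksDer.get().getInteger();` followed by `if (len < 1 || len > Integer.MAX_VALUE / 8) throw new IOException("PBE parameter parsing error: invalid keyLength");`. The hunk calls `prf.data.atEnd()` but shows no matching check on `pBKDF2_params.data` after the prf, so trailing bytes in the outer SEQUENCE may go unnoticed unless that happens outside the hunk. The enclosing method starts before the hunk.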
|
||||
|
||||
|
|